Behavioral Biometrics: Is It the Next MFA Standard?

If there is anything to be learned from 2017’s array of massive data breaches, it’s that single-password authentication is no longer enough to warrant security. Deloitte, one of the world’s top accounting firms, learned this the hard way. Last year, the company was hit with a massive hack that compromised private emails as well as confidential information of some its blue-chip clients. Sources told The Guardian that the breach occurred through an administrator’s account, which gave hackers unrestricted access to everything else. The account in question required a single password, with no two-step verification.

One flaw in password authentication is the fact that it doesn’t provide a strong identity check. This is why businesses are reinforcing their security with multifactor authentication (MFA). The process identifies the user by requesting several pieces of information. These may consist of something you know (password), something you have (mobile phone), and something you are (fingerprints, voice, etc.). The second and third factors are there to compensate for the weakness of the first.

The MFA seems promising on paper, but it may have its shortcomings, too. inWebo previously pointed out flaws in MFA methods, stating that they may not be user-friendly and that users are encumbered to memorize a password by virtue of the “what you know” factor. The article therefore suggested replacing passwords with biometrics as the primary authentication. This could work to enhance security and provide ease of access at the same time, as biometrics utilizes a user’s biological data to verify identity. It may take the form of fingerprint scanning, retina scanning, voice recognition, or face detection.

Of course, biometrics has its advantages and disadvantages. This type of security is primarily implemented in smartphones, as sensors are often built into the newer smartphone models. But they are also used to gain access to restricted areas and rooms.

The main advantage biometrics has is that it is unique to each user. While they may not be 100% unique (since speech can be imitated and faces may look alike), there are still lower risks of breaches. Furthermore, it is considerably easier to use biometric authentication rather than remembering a number of passwords in combination with codes delivered to mobile phones. Biometrics use biological features, which are already a part of you, so there is no fear of losing them, unlike with passwords.

However, traditional or static biometrics also come with a caveat. Security Week explained biometrics’ susceptibility to cloning, even mentioning how Apple’s CEO Tim Cook warned iPhone users to still use a passcode in tandem with the Face ID, in case “you have an evil twin.” The reliability of biometrics ultimately depends on its sensor quality. In reality, such biometrics like fingerprints can be easily copied, whether it’s through photos or from objects held by the user. If there is no way for the technology to detect a fake fingerprint, that poses a problem — especially if it’s used in a single-factor authentication system.

The Rise of Behavioral Biometrics

Today, a new type of biometrics may change the perception of the technology. Technological advancements have given birth to a more dynamic form of biometrics, known as behavioral biometrics. Unlike static biometrics, which uses physical features for identification, behavioral biometrics is concerned with identifying patterns in human activities. If traditional biometrics focuses on what you are, behavioral biometrics deals with what you do. Examples of the technology include the recognition of your typing style, data entry habits, or even the way you walk.

Behavioral biometrics are largely governed by artificial intelligence. For it to pick up human patterns, the technology runs in the background throughout a person’s usage of an application. This can effectively strengthen existing security measures based on explicit biometrics in a convenient manner. By providing continuous authentication to maintain the integrity of sessions, behavioral biometrics will provide a hassle-free, nearly invisible layer of security after the point of entry or login, which static biometrics can easily take care of.

Applications of Behavioral Biometrics

The technology already has a place in the finance sector, with banks implementing behavioral biometrics in online and mobile banking to prevent fraud cases. In recent years, it has expanded its use to other areas, as stated on Forbes Technology Council’s article on behavioral biometrics. Developers have already discovered its uses for identity proofing for online applications and payment apps.

Considering various businesses are already embracing the Internet of Things and are utilizing apps for their operations, behavioral biometrics may be deemed useful in other industries aside from financial services.

For instance, in the transportation sector, fleet owners are now mandated by the federal government to install electronic logging devices (ELDs) in every commercial vehicle. The purpose is to improve asset safety as well as provide maintenance alerts. Verizon Connect’s guide on ELDs also points out how the device will improve fuel efficiency by providing insights on fuel usage. Fleet owners will be alerted when drivers are driving erratically or not using efficient routes, therefore wasting fuel in the process. Both static and behavioral biometrics could enter the equation by providing added security for driver sign-ins. In order to ensure the security of the vehicle and its freight, drivers can be verified using biometrics. Static biometrics can scan a driver’s fingerprint or face before starting the ignition or unlocking freight doors, while behavioral biometrics can continuously monitor the user’s driving habits to verify the driver’s identity and the shipment’s security.

Strengthening the MFA

The AI-driven approach of behavioral biometrics may be able to reinforce the effectiveness of MFA. Previously, concerns with MFA had to do with the friction it causes to users who want a hassle-free online experience. The best application of this technology is not in the replacement of traditional biometrics, passwords, or mobile codes, but in support of them. The behavioral biometrics would then work as a convenient and continuous layer of security. Implementing this new form of technology in the authentication process means that security won’t stop at the entry point. In a world constantly threatened by cyber attacks, this is a measure that should be heavily considered.

inWebo acknowledges the potential of behavioral metrics, which is why the company has opted to partner with Zighra. Zighra offers an AI-powered continuous authentication platform. For more information about the product or about security in general, you can browse the various sections categories on inWebo.